Reinforce Your AWS Security Posture, At Multiple Levels

Often, we hear about publicly exposed AWS S3 buckets or security attacks such as DDoS, brute-force, etc. Every problem in AWS, be it security, compliance, or bill spikes, comes down to an engineering problem. When it comes to AWS security, wrong Security Group (SG) configurations seem to top the charts.

AWS security audits cannot be a fortnightly activity, as is generally practiced. They must be an everyday activity. As AWS practitioners, we all know this is effort intensive, especially with the manual approach of using the AWS console.

If you are an SMB or an enterprise, you will have hundreds of instances running in multiple SGs. Just imagine the amount of time invested in DevSecOps activities just to maintain the security posture.

Moreover, maintaining security posture on AWS is not a one-man fight. Security is everyone's responsibility. It's teamwork between a CISO or a CTO and their team of DevSecOps or DevOps engineers. To this end, everyone needs to understand the security posture of their AWS accounts at multiple levels, from their respective job roles' perspective, right from the top level down to the granular level.

A Focused Visual Environment Offering Real-Time AWS Security Cues

In a dynamic AWS ecosystem, where several resources are provisioned, scaled up or scaled down on demand, the chances of overlooking misconfigurations are high: rules defined under SGs are buried under KBs of code, and visualizing traffic flow from VPC flow log data is immensely challenging for a human mind.

A single console offering visual cues for security vulnerabilities, to everyone in the team, helps identify such vulnerabilities 100X faster!

Let's walk you through a couple of security audits a CXO or a DevSecOps engineer must perform. Watch how easy it is to perform them on a visual console!

Case in Point #1

Checking for open TCP/UDP ports associated with relevant IP and security groups:

Unrestricted inbound/ingress access to TCP/UDP ports can invite malicious activity. The typical plan of action is to keep a check on instances' SGs for inbound rules that allow unrestricted access (i.e. 0.0.0.0/0) to any of these ports, and to restrict access to only those IP addresses that require it, implementing the principle of least privilege.

On the AWS console, you need to hop to the Network & Security section and then to Security Groups via the EC2 or RDS dashboard, and check the tabs shown below the tabulated list. This might take a few minutes depending on the number of instances.

However, using TotalCloud, you can check the ingress and egress rules and spot SGs containing resources that allow data outside the infrastructure at a glance.

Observe the video below:

This will take anywhere between 5 to 10 seconds, irrespective of the number of instances you are using.

Case in Point #2

Finding SSH open ports and ensuring they are used only for jump box/bastion hosts

Enforcing network security at the subnet level using a bastion host, NAT instances, or NAT Gateways helps in protecting data. An SG allowing bastion connectivity for existing private instances must only accept SSH or RDP inbound requests from bastion hosts across AZs.

The bastion host's own inbound and outbound traffic must be restricted at the protocol level: its inbound rule base should accept SSH connections only from specific IP addresses, and its outbound connections should again be restricted to SSH or RDP access to the private instances of your AWS infrastructure.

On the AWS console, you need to go to the VPC console, scroll down to SGs and check the inbound and outbound rules under each SG. This might take a few minutes to hours depending on the number of instances.

However, using TotalCloud, you can check the ingress and egress rules and spot SGs containing resources that allow data outside the infrastructure at a glance.

Observe the video below:
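The two audits above (Case #1: inbound rules open to 0.0.0.0/0 or ::/0; Case #2: SSH/RDP reachable from anything other than the bastion SG) can also be scripted. The following is an added example written for this post, not TotalCloud's code; it works on rule dictionaries shaped like boto3's `ec2.describe_security_groups()["SecurityGroups"]` output, uses a constructed sample instead of a live AWS call, and treats the group ids and CIDRs as placeholders.

```python
"""Audit EC2 security groups for the two checks in the post: (1) inbound rules
open to the whole Internet, (2) SSH/RDP inbound not sourced solely from bastion
SGs. Rule dicts follow boto3's ec2.describe_security_groups() shape; no AWS call."""
ANY_V4, ANY_V6 = "0.0.0.0/0", "::/0"
ADMIN_PORTS = {22: "ssh", 3389: "rdp"}

def rule_ports(rule):
    """Port range a permission covers; protocol -1 means all traffic/ports."""
    if rule.get("IpProtocol") == "-1":
        return 0, 65535
    return rule.get("FromPort", 0), rule.get("ToPort", 65535)

def open_to_world(rule):
    """True if any IPv4 or IPv6 source range on the rule is unrestricted."""
    v4 = any(r.get("CidrIp") == ANY_V4 for r in rule.get("IpRanges", []))
    v6 = any(r.get("CidrIpv6") == ANY_V6 for r in rule.get("Ipv6Ranges", []))
    return v4 or v6

def audit_security_groups(groups, bastion_sg_ids=frozenset()):
    """Return (group id, check, detail) findings. Bastion SGs are exempt from
    check 2 because they legitimately accept SSH from specific admin CIDRs."""
    findings = []
    for sg in groups:
        for rule in sg.get("IpPermissions", []):
            lo, hi = rule_ports(rule)
            detail = f"{rule.get('IpProtocol')} {lo}-{hi}"
            if open_to_world(rule):  # check 1: 0.0.0.0/0 or ::/0 on any port
                findings.append((sg["GroupId"], "unrestricted-ingress", detail))
            if sg["GroupId"] in bastion_sg_ids or rule.get("IpProtocol") not in ("tcp", "-1"):
                continue
            has_cidr = bool(rule.get("IpRanges") or rule.get("Ipv6Ranges"))
            src_sgs = {p.get("GroupId") for p in rule.get("UserIdGroupPairs", [])}
            for port, name in ADMIN_PORTS.items():  # check 2: SSH/RDP only from bastion SGs
                if lo <= port <= hi and (has_cidr or src_sgs - bastion_sg_ids):
                    findings.append((sg["GroupId"], f"{name}-not-bastion-only", detail))
    return findings

SAMPLE_GROUPS = [  # constructed sample; group ids and CIDRs are placeholders
    {"GroupId": "sg-bastion0001", "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22,
        "ToPort": 22, "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}]},
    {"GroupId": "sg-private0002", "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22,
        "ToPort": 22, "UserIdGroupPairs": [{"GroupId": "sg-bastion0001"}]}]},
    {"GroupId": "sg-web0003", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]

if __name__ == "__main__":
    for finding in audit_security_groups(SAMPLE_GROUPS, {"sg-bastion0001"}):
        print(*finding)
```

In the sample, only the web SG is flagged: its 443 rule and its all-traffic rule are open to the world, and the all-traffic rule also exposes SSH and RDP to non-bastion sources.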


Conclusion: A Centralized Focus View with Visual Cues for Real-time DevSecOps

Change is the only constant. In a dynamic cloud setup, several teams are involved. Having a centralized view of live data that acts as visual cues to vulnerabilities helps identify security issues in real time. The ability to zoom in and out at multiple levels, along with the capability to filter traffic rules, helps everyone in the team act and secure their infrastructure.

With immersive visualization of such data, anyone in the team can perform continuous security checks and understand the security posture 100X faster and better compared to dashboards. TotalCloud's Security View is exactly that! Do give it a try!

If you are looking to understand AWS Network stack at a glance, read this post.
